SEC Cybersecurity Regulations for Shareholders

This white paper discusses the new cybersecurity regulations adopted by the U.S. Securities and Exchange Commission (SEC) and their implications for shareholders. It outlines the enhanced disclosure requirements that public companies must adhere to, which aim to provide shareholders with critical information regarding cybersecurity risks. The paper explains how these regulations necessitate companies to report material cybersecurity incidents and detail their risk management strategies in annual reports starting December 15, 2023. It emphasizes the importance of cybersecurity as both a financial risk and an opportunity for investors, linking strong cybersecurity performance to better company valuations. Furthermore, the document highlights the types of information shareholders should seek in disclosures, including governance structures, investment in cybersecurity, and incident management procedures. It also mentions the collaboration between Glass Lewis and Bitsight to provide quantitative data on companies' cybersecurity postures, enabling shareholders to make informed investment decisions based on objective ratings and analytics.